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METHOD AND APPARATUS FOR AUTHENTICATING FINANCIAL 
TRANSACTIONS 



FIELD 

5 This invention relates to the authentication of financial transactions using a remote terminal. 
BACKGROUND 

Typically remote terminals are used in stores to authenticate a credit card transaction at the 
point of sale, or to authorise a direct debit transaction. In New Zealand and some other 

10 countries such terminals are commonly referred to as EFTPOS (standing for "Electronic 
Funds Transfer Point of Sale" terminal) . Other transaction's of this type involve the use of 
automatic teller machines ("ATM") in which the customer can withdraw money , or can 
arrange to transfer money from one account to another, or to obtain a statement of one or 
more of the customer's accounts. All of these transaction rely on some form of plastic card 

15 containing machine readable information: These cards are commonly called credit cards or 
debit cards. Depending upon how the cards are used, whether they are a typical "dumb card" 
or a "smart card" the user is required to authenticate the transaction by signing a document, 
typically a receipt or credit card form, or by entering a PIN (standing for "Personal 
Identification Number") which the customer then has to remember and enter into the 

20 appropriate terminal at the appropriate time. 

The plastic card is partly to identify the customer and the customer's account number. 
However it is an incomplete identification, requiring either the customer's signature or the 
entry of a PIN. 



The problem with plastic cards of the credit or debit card type, is that such cards can be 
stolen, or misused. Relying on a customer's signature, and comparing the signature on the 
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document to that on the credit card still allows for fraud, as the unauthorised user of the c&rd 
may have practised the signature, and in many cases the merchant may not bother to compare 
the signature on the card or the signature on the receipt. Similarly with a debit card, the thief 
may have discovered the customer's PIN and riiay be able to access the account. , . " ■ 

5 There is a need to reduce the risk of fraud associated with the theft or misuse of credit or, 
debit cards, and yet still allow the customer the opportunity to conduct remote financial 
transactions making use of an ATM, or point of sale terminal when withdrawing money from 
a bank or shopping. 

10 OBJECT 

It is an object of the invention to provide an improved method and apparatus for 
authenticating financial transactions, or one which will at least provide the public with'a 

useful choice. ( 

' it 

15 STATEMENT OF INVENTION 

The solution involves the use of a unique biological identifier, together with an appropriate 
measuring device at the remote terminal, which allows the user to do away completely with 
the plastic card if the user so desires. The invention allows the user to rely completely on the 
unique biological identifier to serve both as the account number and/or the PIN, or allows the 
20 user to combine the use of this unique biological identifier with a plastic card and/or separate 
PIN. The invention will be more readily understood by reading the description of the 
preferred embodiments. For the moment the invention will be considered in general terms. 

Suitable unique biological identifiers of the present time include fingerprints (the most 
preferred form of unique biological identifier), palm prints, retinal scans, voice prints and 
25 DNA measurement. By linking the unique biological identifier, for example a stored 

fingerprint, with an account number, then by taking a fingerprint at a point of sale terminal 
and transmitting information about that fingeiprint to a financial "clearing house" (bank, 
credit or debit card company or the like), that unique biological identifier can be identified 
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by the clearing house and then linked to the financial information for that particular 
customer. By this means a unique biological identifier such as a fingerprint can serve as both 
the account number and the equivalent of the signature or PIN which would give the 
customer access to that particular account. Indeed it is possible by using fingerprints to use 
5 the prints on different fingers to access different accounts at the same bank, or to access 
different accounts at other banks or credit card companies; This will become apparent from 
, the description of the preferred embodiment. , 

In one aspect the invention consists in a computer implemented method of authenticating a 
financial transaction requested by a user using a remote terminal, the method of including the 
10 steps of 

storing account information in machine readable form, the information relating to one or 
more financial accounts, 

storing identity information relating to each account, the identity information including 
machine readable information corresponding to a unique biological identifier supplied by at 
15 least one individual authorised to access at least one of the accounts, 

submission by the user of the user's unique biological identifier, and submission of the user's 
transaction request at the remote terminal, 

transmission from the remote terminal to a clearing house of the user's unique biological 
identifier and the user's transaction request, 

20 a comparison made by the clearing house of the user's unique biological identifier with the 
stored identity information, 

if the users unique biological identifier matches any of the stored identity information, then 
the transaction information is compared with the account to which the biological information 
relates to ascertain whether the requested transaction is allowable, and 

25 if the transaction is allowable, processing the transaction. 

In a further aspect the invention consists in apparatus for authenticating a financial 
transaction requested by a user using a remote terminal, the apparatus including 



SUBSTITUTE SHEET (RULE 26) 



WO 01/50428 



-4- 



PCT/NZ01/00001 



a database having account information in machine readable form, the account information 
relating to one or more financial accounts 

the database also storing identity information relating to each account, the identity 
, information including machine readable information corresponding to a unique biological 
5 identifier supplied by at least one individual authorised to access at least one of the accounts 

receiving means to receive information from a, remote terminal corresponding to the user's 
unique biological identifier and information relating to the user's transaction request at the 
remote terminal, 

comparing means to compare the users unique biological identifier with the stored, identity 
10 information to ascertain the relevant account, and processing means to process the requested 
transaction. 

In a further aspect the invention consists in a bank card, such as a credit card, eftpos card or 
the like, including a series of digits on the card, the digits including information to enable 
identification of a clearing house relating to an account which the owner of the card in use , 
15 has authorisation to access, and there being no identification information on the card 

regarding the identity of the user or the identity of the actual account or accounts which the 
user is authorised to access. ' 

In another aspect, the invention provides a method of authenticating financial transactions by 
establishing a clearing house which stores information in machine readable form on a 

20 plurality of customers, each customer's information including at least information on the 
account, including the account balance or credit limit for the account, and information 
pertaining to an unique biological identifier supplied by the customer, linking the. clearing 
house to one or more remote terminals which remote terminals can be accessed by customers 
or by merchants, or both, (for example point of sale terminals or ATM machines) means for 

25 transmitting from one or more of those terminals information to the clearing house 

information containing details of the transaction to be approved by the clearing house, and 
information relating to the unique biological identifier detected or measured by the terminal, 
the clearing house comparing the received information on the transmitted unique biological 
identifier with its store of such information, identifying the particular account correlated with 
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the received unique biological identifier and then comparing the details of the financial 
transaction with the account information and any rules relating to that particular account, to 
determine whether the transaction should be approved or declined. If the transaction is 
declined, information on this is transmitted back to the originating terminal, and if the 
5 transaction is approved, the appropriate financial transactions are performed, and recorded on 
the customer's account ledger, in confirmation of the transaction is transmitted to the 
1 originating terminal. In either event a statement may be printed at the terminal for the 
customer, as required. 

Preferably the stored information includes the account name, details of the customer, 
10 optionally a PIN or password only known to the customer, in the unlikely event that 

additional verification is required. Typically the account information will be similar to that 
maintained by a bank, credit card company, or other financial enterprise with full 
information on the customer and the customer's account. Such information is usually 
obtained by the customer filling out appropriate forms at the time hat the account is created. 
15 In this case, the customer would supply the usual information supplied to the bank or credit 
card company and also supply a unique biological identifier, which in this example is 
referred to as a finger print. But other unique biological identifiers can be used in this 
invention, if they can be readily supplied to the financial enterprise when the customer 
applies for an account of this type, and can be readily measured at a remote terminal, to 
20 allow the customer to access this particular type of account. 

Because the use of an unique biological identifier to give the customer access to his or her 
account enables the customer to avoid the use of a physical credit or debit card, or even a 
PIN, and yet the account is tied to that customer, and is not transferable (unless someone 
decides to chop off the customer's finger, or to coerce the customer to use a remote terminal 

25 by force, drugs or the like), the use of a unique biological identifier opens up the possibility 
of a customer safely operating an anonymous or numbered account. For example a financial 
enterprise may open special accounts for customers (subject to the relative taxation laws) 
whereby a customer deposits a certain amount of money into this unnamed account, and 
identification is by way of the customer's unique biological identifier. This would allow the 

30 customer to withdraw sums of money, or authorise purchases at point of sale terminals 

without the bank or the operators of the terminals knowing the identity of the customer. This 
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may of course be contrary to the wishes of governments and in particular the appropriate . 
taxation authorities as it would enable persons to carry out anonymous transactions. 

In another aspect the invention provides apparatus for authenticating financial transactions 
including a remote terminal connectable to a clearing house including a key pad to enter a 
5 financial transaction, and means for measuring or recognising a unique biological identifier, 
and means for transmitting information to a clearing house. 

Preferably the apparatus includes a card reader and may optionally include a printer to print a 
record of the transaction. 

Preferably the apparatus includes some form of display such as LCD display to show the 
10 amount of the transaction, and any message received from the clearing house, for example 
stating whether the transaction is "approved" of "declined". 

Preferably the apparatus includes a standard EFTPOS terminal with appropriate EFTPOS 
remote to enable information to be keyed into the EFTPOS terminal, but also includes a 
device for measuring or recognising a unique biological identifier. 

15 Most preferably the device measuring the unique biological identifier is a device for 
recognising, and codifying a finger print. 

Preferably this device is a capacitive imaging device, and means for codifying that finger 
print information so that it can be readily transmitted to the clearing house in a form 
acceptable to the clearing house. Preferably the information on the finger print (of other 
20 unique biological identifier) is encrypted along with the financial information and 
transmitted by the remote terminal to the clearing house. 

Preferably the transaction takes place over the internet, or some other communications 
medium, using in this case the customer's personal computer, or a publicly accessible 
computer such as a kiosk, or someone else's computer set up to allow the user to conduct 
25 business over the internet or equivalent communications medium. 

Preferably the computer to be used by the customer has imaging means connected to it to 
enable the computer to capture an image, more preferably a digital image, of the customer's 
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fingerprint. In its most preferred form, the invention makes use of an internet camera 
(typically a small CCD camera capable of capturing a digital image and transmitting that 
image to the computer). Alternatively, other imaging means may be used, for example a 
scanning device may be used to scan the customer's hand or single finger, when placed on 
5 the bed of the scanner. 



In another aspect, the invention provides a method of authenticating financial transactions by 
establishing a clearing house which stores information in machine readable form on a 

10 plurality of customers, each customer's information including at least information on the 
customer's account, including the account balance and credit limit for the account, and 
information pertaining to a unique biological identifier supplied by the customer, linking the 
clearing house to one or more remote terminals which remote terminals can be accessed by 
customers or by merchants, or both, (for example point of sale terminals or ATM machines), 

15 means for transmitting from one or more of those terminals information to the clearing 
house, information containing details of the transaction to be approved by the clearing house, 
information containing details of the account type or clearing house which administers the 
account, and information relating to the unique biological identifier detected or measured by 
the terminal, the clearing house comparing the received information on the account type to 

20 direct the transaction to the appropriate account for the clearing house, and comparing the 
recbived information on the transmitted unique biological identifier with its store of such 
information, identifying the particular account correlated with the received unique biological 
identifier, and then comparing the details of the financial transaction with the account 
information and any rules relating to that particular account, to determine whether the 

25 transaction should be approved or declined. 

Preferably, if the transaction is declined, information on this is transmitted back to the 
originating terminal, and if the transaction is approved, the appropriate financial transactions 
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are performed, and recorded on the customer's account ledger, and confirmation of the 
transaction is transmitted to the originating terminal. 

Preferably, whether the transaction is accepted or declined, a statement may be printed at the 
5 terminal for the customer, as required. 

Preferably the transaction takes place over the Internet, or some other communications 
medium, using in this case the customer's personal computer, or a publicly accessible 
computer such as a kiosk, or someone else's computer set up to allow the user to conduct 
10 business over the Internet or equivalent communications medium. 

i 

Preferably the account information is the information which is carried on a users credit, 
debit, or EFTPOS or similar card being that information which identifies the particular bank 
or entity which administers the accounts to which the card relates. 

15 ■ . , 

Preferably the card therefore only carries numbers visible on the card which relate to the 
particular clearing house or bank etc to which the card relates and no other information 
regarding the users specific account or identity is carried on the card. 

20 Preferably the users identity and account details are accessed by using the unique biological 
identifier information. 

Alternatively, a pin number may also be provided for use by the customer. 
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DRAWINGS DESCRIPTION 

These and other aspects of this invention, which would be considered as novel in all aspects 
would become apparent from the following description, which is given by way of example 
only, with reference to the accompanying drawings in which: . 

5 Figure 1 illustrates the combination of an EFTPOS terminal, EFTPOS remote and finger 
i print reader. 1 

Figure 2 is a finger print credit card flow chart. 

Figure 3 illustrates the combination of an internet camera, connected to a personal computer, 
and shows a selected view of the camera output on the computer monitor screen. 

10 Figure 4 is a diagrammatic illustration of a typical electronic funds transaction using a credit 
card at a remote terminal. 

Figure 5 is a diagram of a credit card or other financial transaction card according to the 
invention. 

15 PREFERRED EMBODIMENTS 
Example! 

In this first example a finger print reader is used in conjunction with an electronic funds 
transfer point of sale terminal. Typically such a terminal will have a card reader to read the 
magnetic strip on a credit or debit card, and this information on the customer's account will 

20 be linked to a keypad, on an EFTPOS remote terminal enabling the customer to enter a PIN 
if required, and in the case of credit card transaction to push the button marked "credit" so 
that the information from the card and the customer's PIN (if required) is transmitted to a 
clearing house. Typically such terminals are connected by a telephone line and modem to a 
bank or credit card clearing house, and depending upon the size of the country and number of 

25 accounts, there may be a number of such clearing houses associated with a particular 
financial enterprise. 
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In this example a finger print reader, preferably a capacitive reader (described below) is ; 
linked to the EFTPOS terminal of EFTPOS remote. Preferably the reader has controls, 
enabling the user to select one or more accounts associated with that unique biological 
identifier. It will be appreciated that some customers may only have a single account, with 
5 one company , while some customers may have multiple accounts with multiple companies. 

In the example illustrated in Figure 1, the display enables the customer to choose between 
the most commonly used credit card or charge card companies approved by that particular 
merchant. It will be the merchant's choice as to which company the merchant deals with, 
and hence this information may be pre-set on the merchant's EFTPOS terminal, or maybe 

10 scrolled through on a LCD display. At the time the transaction takes place the merchant will ; 
enter the amount of the transaction, will ask the customer whether the customer wishes to use 
a credit or debit card, or use what the inventor believes should be called a "finger print credit 
card" (although no such physical card is required, it is believed that this term will perhaps be 
more acceptable to both the merchant and the customer when such accounts are marketed). 

15 If the customer chooses to use his or her "finger print credit cafd" the customer will then be 
asked to place their finger print on the finger print reader, to nominate which of the available 
accounts is associated with the customer's finger print, to then press the "OK" button to 
transmit that information through the EFTPOS terminal to the clearing house. 

Turn now to Figure 2 to consider the flow chart detailing these transaction. The first few 
20 steps deal with the operation of the remote terminal. The customer having chosen to use a 
"finger print credit card", the finger print must first be identified on the finger print reader. 
The finger print reader will have the appropriate software to determine whether or not the 
scan of the finger print is a good scan or a bad scan and must be repeated. Once the device 
recognises that there is good scan ie a sufficiently clear scan of the finger print, that 
25 information is sent via the EFTPOS terminal to the clearing house, in this case a credit data 
base. As shown in Figure 1, the customer has chosen the VISA (trade mark) credit card 
database. The EFTPOS terminal thus dials the appropriate number for the nearest VISA 
clearinghouse. 

At the VISA clearing house, the transaction is logged, and the finger print which may have 
30 been transmitted as an analogue signal, or more likely as a digitised finger print, is then 
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checked against the appropriate finger print data base, and if a match is made the clearing 
house then recognises the customers account number (and may also recognise the 
customer's name as that is stored against the account number). The clearing house then 
checks the customer's credit balance, and determines whether the transaction will be 
5 approved or declined based on the rules in place for that particular customer, or that 

particular type of merchant transaction. If the transaction is declined due to lack of credit, or 
'» otherwise, information is transmitted back to the remote terminal to say that the transaction 
is "declined". If the transaction is accepted, then the credit card* company perfonms the 
appropriate financial transaction, logging the nature of the transaction onto the customer's 
10 ledger, sending a confirmation of acceptance to the merchant. This allows the merchant to 
print out a receipt for the customer. 

Example 2 

1 

In this example the customer may wish to access multiple accounts, with the minimum of 
entry on the key pad. To do this, the customer may have chosen different unique biological 
15 identifiers to be associated with different accounts. 

In the simplest version the customer may chose different finger prints or thumb prints to be 
associated with different accounts. 

For example, consider the case of a customer who has existing credit cards with 
MASTERCARD, VISA and DINERS CLUB, who wishes to travel, yet minimise the risk of 

20 inctpnvenience resulting from lost or stolen credit cards. In which case the customer may 
apply to MASTERCARD to use the finger print from his/her index finger as the unique 
biological identifier for MASTERCARD transaction. This means that the customer could 
continue to use the credit card in some circumstances but when travelling, or perhaps out 
running or walking and wishes to make a transaction without the presence of his or her credit 

25 card, the customer can simply use the finger print identification from the customer's first 
finger to access the customer's MASTERCARD account to allow the transaction. 

Similarly, the customer may have chosen the finger print his or her second finger to identify 
the customer's VISA card account. Similarly the third finger may be used as the identifier 
for the customer's DINERS CLUB account. 
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Example 3 

The customer may still wish to use a PIN to validate certain transactions. Whether or not a 
PIN is required* it can be stored in association with the data on the account heltf at the 
clearing house. Thus the customer and/or the clearing house may determine the level of 
5 security on a particular account. In an extreme case the customer may have to supply the 
credit card, finger print, and also a PIN. In those circumstances, it is envisaged that the 
customer will first supply the credit card to the merchant, who processes the transaction, and 
then the clearing house will ask for either or both a finger print and a PIN . 

However, the convenience of the concept of a "finger print credit card" allows the user to do 
10 away completely with the use of plastic card, and to rely solely on the user's finger print as 
the unique biological identifier. 

Example 4 ' 

In this example the customer and the financial enterprise or clearing house may have decided 
that the customer should provide a finger print as an identification for the customer and also . 

15 provide secondary means of identification in the case of any ambiguity or uncertainty 

involving that transaction. Such uncertainly may arise because of corruption of information 
transmitted over the telephone lines, or the possibility (which is extremely remote) but 
should be allowed for that the scanned information is similar to that of more than one 
customer. In this unlikely eventuality, the customer may be required to supply a PIN, or may 

20 have determined with the clearing house that a second biological identifier may be used, for 
example a finger print taken from another finger or better still a finger print taken from a 
finger on the customer's other hand. 

A number of other such permutations suggests themselves, once the concept of using of a 
"finger print credit card" is considered. 

25 

Example 5 
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In this example the remote terminal may rely on a retinal scan rather than a finger print 
reader. Retinal scans are now available, to uniquely identify individuals. In which case the 
device of Figure 1 simply requires the replacement of the finger print reader for a retinal scan 
device, and information can be supplied to the clearing house in a similar way to that 
5 outlined in Figure, 2, with a digitised version of the retinal scan being used to replace the 
digitised finger print scan. It is also possible to take a "voice print" by having an appropriate 
sound transducer such as a microphone sample the user's voice and transmit the sampled 
signal to the clearing house for the required comparison with stored* voice file information. 
Similarly, a palm print could be used rather than a finger print. 

10 Example 6 

In this example it is possible to measure the customer's DNA to send digitised information to 
the clearing house, based on the DNA, taken from a small body sample, perhaps a skin 
scraping or sample of hair, and to use this as the unique identifier. Alternatively, a DNA 
scan may be performed rather than a body sample having to be provided. 

15 At this time this is less practical, than the finger print reader described above, as the 

equipment to speedily determine the customer's DNA is not yet as mature as that of the 
finger print technology which will be discussed in more detail below. 

Example 7 - Internet Fingerprint Transactions 

20 In order to use fingerprint financial transactions over the internet, there must be some way of 
transmitting the fingerprint from the user's computer to the bank's computer or the computer 
of the clearing house. This requires either a pre-scanned fingerprint to be present on the 
user's computer or a way to scan the fingerprint "into" the machine. 

The easiest way for the fingerprint to be scanned on today's PC's is via an internet camera. 
25 Real-time imaging of the fingerprint can be taken, and the computer can interact with the 
user to achieve an optimal scan. Once the camera has taken the scan it can then transmit it 
over the internet. 
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The following is an example of how the process may work: 1 

1. The user decides on a purchase. 

2. The user "clicks" on "make payment via fingerprint". 

3. The computer activates the camera and brings up a display of the camera's output. 
5 4. The computer overlays a sketch of where the' finger should be placed on the image. 

5. The computer waits and looks for a finger image to be placed over the sketch. 

6. Once the computer detects the finger it takes a picture of the finger. , 

7. The picture is compressed and sent to the credit company or bank or clearing house. 

8. The clearing house, credit company or bank validates the image or asks for another 
10 image. * . , 

9. If another image is asked for, the computer repeats steps 5,6 and 7. 

10. Once the print has been validated the purchase goes through. 

The output picture of the internet camera will be displayed on screen. A sketch of where the 
finger should be placed for the scan will be overlaid on the output. The user will place his 
15 finger in front of the camera moving it around until it is lined up with the sketch. The 

computer using a general shape recognition program will wait until the fingerprint is in the 
correct position and then take a photo of it, which it can send over the internet. Further 
software can be used in order to alter the picture into the required format for fingerprint 
identification. 

20 Authentication of the fingerprint image may also be provided. The invention allows this to 
be effected in a number of different ways, including but not limited to; 

transmission by the computer of a number or character string such as the serial number of the 
computer processor, a serial number associated with the operating system or a "caller id" 
number from the telephone line the personal computer may use for communications access. 
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Alternatively , a number may need lo be provided by the machine or user before a download 
from the Internet can occur. 

VARIATIONS 

5 It will be noted that any convenient means of capturing the image and transmitting it to a 
personal computer can be used. The most convenient means is the internet camera discussed 
above. These are readily available. An alternative device that could be used is a scanner, as 
many personal computers are supplied today with a scanner as standard equipment. Another 
alternative would be to make use of an electronic still camera which captures a visual image, 

10 which can then be transferred to the personal computer. 

It will be appreciated that any convenient means of electronically capturing an image of the 
user's fingerprint and transferring it to the personal computer can be used in conjunction 
with this invention. 

15 Example 8 

Existing electronic funds transaction networks or arrangements tend to use a remote terminal 
whiph communicates with a central database or router usually referred to as an ETSL which 
then directs the transaction to the appropriate clearing house i.e. directs the transaction to the 
20 appropriate bank or other entity or organisation that issued the card or other identifying 
device which is used to facilitate the requested transaction. 

Therefore, referring to figure 4, a remote terminal 100 is provided and this may be an 
EFTPOS terminal located at a merchant store or could alternatively comprise a user's 
25 personal computer for example. The remote terminal 100, when processing a transaction, 
will send information from the particular user by some route, for example the Internet or any 
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Other communications medium, referenced in figure 4 by a link 102 to the ETSL 1Q4. In the 
example described, for the purposes of convenience and ease of illustration, reference will be 

made to the use of credit cards. However, it will be understood that any other form of 
electronic transaction processing may be applicable to the invention as described in the 
5 example. 

The invention envisages that in the example of a credit card, such as that illustrated in figure 
5, the only information on the card is the name of the entity or bank organisation that issued 
the card, which in figure 5 is AMERICAN EXPRESS for example. Also recorded on the 
10 card is the first series of digits which are present on nearly all credit cards, for example 
comprising four digits which identify the issuing bank or entity, or provide a geographical 
indication in relation to the issuing entity. Other information which may optionally be 
provided on the card includes an expiry date. 

' ii 

15 Turning again to figure 4, the use of the card will transmit the numbers on the card (either by 
a reading device on the terminal such as a magnetic strip reader or apparatus for reading the 
digits on the card, or by the user or merchant simply entering the digits by keying them into 
the terminal). This information will be provided to the ETSL which will then be able to 
compare the digits on the card that have been provided by the user with its own stored 

20 information so that it may ascertain that the digits 3774 (as shown in figure 5) refer to an 
AMERICAN EXPRESS credit card account and may further alert the ETSL that this is a 
United States based AMERICAN EXPRESS account. Therefore, as shown in figure 4, the 
ETSL will know to direct the transaction to the AMERICAN EXPRESS host in Sydney 
referenced 106 then on through the AMERICAN EXPRESS network through AMERICAN 

25 EXPRESS Asia referenced 108 and on to AMERICAN EXPRESS based in Phoenix USA 
referenced 1 10. The account information itself is not present on the card and is not provided 
on the card or by the card when the card is swiped, for example at a remote terminal. 
Instead, a unique biological identifier is used to identify the actual account details and 
identify the person (if the clearing house requires this) at the remote terminal who is making 
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the transaction. Such biological identifiers and their use within financial transactions 
according to the present invention are described and illustrated in other parts of this 
document. 

5 Thus, in the example described with reference to figure 4, the biological identifier 
1 information is provided to the AMERICAN EXPRESS clearing house in Phoenix 
represented in box 110 and the information is processed to return either an "accepted" or 
"declined" message through the communications route already described back to the remote 
terminal. As mentioned previously, the clearing house 110 will process the transaction if it 

10 is acceptable and therefore the transaction becomes complete. 

The transaction flow may be more complex. Again referring to figure 4, if the account 
happens to be a VISA account for example, then from the information printed on the card, 
the ETSL may direct the transaction firstly to the acquiring bank in box 112 and if this bank 

15 indicates that a credit limit is exceeded for example, the transaction may be further 
forwarded onto an issuing bank for a further check in box 114. Again, if this shows that the 
limit is exceeded, the transaction may proceed to box 116 which may be another clearing 
house relating to all VISA cards for example. The issuing bank 114 may instead authorise 
the payment or transaction in which case an authorisation approval instruction is forwarded 

20 b^ck to the acquiring bank in box 112 and then further forwarded on back to the ETSL for 
notification to the customer at the remote terminal. 

It will be seen that a very large number of different communication arrangements may be 
used, but the essence of the invention is that the credit card (if any card at all is used in the 
25 transaction) merely carries a number which corresponds to the card issuer or bank or other 
"clearing house" entity to facilitate direction of the unique biological identifier information 
to that particular clearing house so that the transaction may be processed. 
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It will be seen that a very secure financial transaction system, particularly for use over the 
Internet or other electronic or optical communication mediums is provided, which has the 
significant advantage that processing speed and implementation with existing financial 
electronic transaction networks and processors is achieved by using a unique biological 
5 ' identifier. 



10 . 

DISCUSSION 1 

The following discussion concerns finger prints and how they can be used in this invention. 

■ ■ i 

About Fingerprints 

15 In North America, one of the first successful uses of fingerprints for identification was by E. 
Henry in 1901 to stop the railway workers from double collecting pay. 

The Henry system derives from the pattern of ridges; concentrically patterning the hands, 
toes, feet and in this case, fingers. 

The classic method of inking and rolling fingers on a print card produces a pattern unique to 
20 each individual digit. 

According to the Bundeskriminalamt (BKA); no two individuals have identical ridge 
patterns, ridge patterns are not inheritable, ridge patterns are formed in the embryo, ridge 
patterns never change in life, and after death may only change as a result of decomposition. 
In life, ridge patterns are only changed by accident, injury, burns, disease or other unnatural 
25 causes. 
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Identification from fingerprints requires the differentiation of uninterrupted papillary ridge 
contours followed by the mapping of anatomic marks or interruptions of the same ridges. 

The FBI , list 7 papillary ridge patterns : LOOP, ARCH, WHORL, TENTED ARCH, 
DOUBLE LOOP, CENTRAL POCKET LOOP and ACCIDENTAL 

5 All the above patterns can be discerned by the naked eye and can give a binning or indexing 
'of the resulting databases. The computer can by vector analysis of the Change of direction of 
the ridge lines, achieve what the trained eye naturally sees. 

Anatomic characteristics occur because the papillary ridges are not continuous. Each change 
of direction, bifurcation, interruption or enclosure produces anatomic characteristics (minutia 
10 in law enforcement). These characteristics may not be readily available to the human eye but 
are easily tracked by the computer. 

The Result 

What this basically means is that a decent fingerprint scanner can identify an individual 
100% reliably from his fingerprint, if you link the credit number to the fingerprint instead of 
15 a plastic card you have a nearly totally reliable method of credit transactions. It can't b6 lost 
or stolen, is always available even if nothing else is, eg after having been mugged or 
swimming on a beach. In conjunction with a large credit firm, and alongside the normal 
system, you have a new tool of limitless usefulness. 

Fingerprint Technology 

20 Fingerprint imaging technology has been in existence for centuries. The use of fingerprints 

as a unique human identifier date back to second century B.C. China, where the identity of 
the sender of an important document could be verified by his fingerprint impression in the 
wax seal (Ruggles,T. 1996 

< http://www.tech, purdue.edu/it/resources/aidc/BioWebPages/Biometrics Reference .html >). 
25 During the 17th century, it was known that fingerprints were unique to each individual and 
therefore could be used to accurately identify an individual. The 19th century introduced 
systematic approaches to matching fingerprints to certain individuals. One systematic 
approach, the Henry classification system, based on patterns such as loops and whorls, is still 
used today to organize fingerprint card files (Authentec, Inc., 1999 
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< http://www.tech.purdue.edu/it/resources/aidc/BioWebPages/Biorn etrics Reference .html>>. 
It was developed by a British policeman during the British occupation of India in the 3800 's 
(Ruggles, T. 1996 

< http://www.tech.purdue.edu/it/resources/aidc/BioWebPages/Biomet rics Reference ,html>). 
5 Today, the traditional "inking" of one's fingerprint and pressing it against a paper card is still 
the standardized way of capturing an individuals fingerprint. 

The last several years have proved that fingerprint scanners are overwhelmingly the most 
successful biometric device (Davis, A. 1997 

< http-//www.tech.piirdue.edu/it/resources/aidc/BioWebPages/B iometrics Reference .html>). 
10 Fingerprint imaging devices/applications account for nearly 80 percent of the total 
■ worldwide biometrics market, according to Frost & Sullivan. 

The first country to adopt a national computerized form of fingerprint imaging was Australia 
in 1986, which implemented fingerprint imaging technology into its law enforcement system, 
(Simon, D. G. 1994 ,. 
15 < http://www.tech.purdue.edu/it/resources/aidc/BioWebPages/Biome trics Reference .html>). 

It has been estimated that the chance of two people, including twins, having the same 
fingerprint is less than one-in-a-billion (Industry Information: Biometrics, 1996 
< http://www.tech.purdue.edu/it/resources/aidc/BioWebPages/Biomet rics_Reference ,hlml>). 

Fingerprint imaging technology looks to capture or read the unique pattern of lines on the tip 
20 of one's finger. These unique pattern of lines can either be in a loop, whori, or h pattern. 
A loop pattern can be detected when the the ridges start on one side of the finger, reach the 
center of the finger ( ■ ; - : 0 and then go or "loop" back to the same side. A whorl pattern 
can be identified as the concentric circles that are formed by the ridges in the center of one's 
finger. The remainder of these ridges shape themelves around this whorl pattern. Finally, 
25 the arch pattern is where the ridges start at one side of the finger and span themselves across 
the center of the finger to the other side (Randall, N. 1999 

< http://www.tech.purdue.edu/it/resources/aidc/BioWebPages/Biometrics_Reference.html >). 

There are several methods in accomplishing the process of identifying one's fingerprint. The 
most common method involves recording and comparing the fingerprint's 'minm:^ \ 
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Minutiae points are the points where print ridges come together or end . Minutiae points can 
be considered the uniqueness' of an individual's fingerprint (Computer Business Review, 
1998 

^htt p-//www .tech.Durdue.edu/it/resnnrces/aidc/BioWebPa fes/Biometrics Reference.html>). 

5 Other methods of identifying a person's fingerprint include counting the number of ridges 
between points, processing the fingerprint image and recording the print's sound waves. 

Fingerprint imaging technology is based on two electronic capturing methods: opi i. ii and 
v : , ii ?\ . . Optical fingerprint technologies require the user to place his or her finger on a 
glass substrate at which point an internal light source from the fingerprint device is projected 

10 onto the fingerprint. The image is then captured by a charge-coupled device (CCD). Optical 
methods have been used extensively and have been in existence for the past decade. They 
are proven but are on the expensive side and are not always reliable due to 
environmental conditions. A build up of dirt, grime, and oil from one's finger can leave a 
"ghost" image which is referred to as a "latent image" (Randall, N. 1999 

15 < htip://www.<ech.nurcUie.edn/it/resource5;/aidc/BioW ehPapes/Biometrics Reference ,html>). 
As a result, their employment has been confined to specific criminal justice and military 
installations. 

On the other hand, capacitive imaging looks to make fingerprint imaging available to the 
masses by making fingerprint imaging devices (hardware) more compact in size, less 
20 expensive, and more reliable. Capacitive systems analyse one's fingerprint by detecting the 
electrical field around the fingerprint using a sensor chip and an array of circuits. 

When a person's fingerprint is initially captured, a 'template' is constructed and stored in a 
data storage system or database. This template' is then used to compare against a person's 
fingerprint for each subsequent time he or she scans their finger. The fingerprint requires 
25 one of the largest data templates in the biometric field. The finger data template can range 
anywhere from several hundred bytes to over 1,000 bytes depending upon the level of 
security that is required and the method that is used to scan one's fingerprint. 

The identifying power of fingerprint imaging systems seems to show that they tend to reject 
over three percent of authorized users while maintaining false accept rates of less than one in 



ST TRSTTTT TTF. SHEET (RULE 26) 



WO 01/50428 PCT/NZ01/00001 

•22-, 

a million (Industry Information: Biometrics, 1996 
< hnp://ww .tech43urdue.edu/it/res 

A Practical Example 

As an example let us consider a purchase of a magazine using this system. A person 
5 approaches the counter carrying a magazine he wishes to purchase. The store owner types in 
the amount into the 'EFTPOS' machine. He pulls out a fingerprint scanner and the customer 
places his finger on it. The scanner sends an image of the print to the credit card company. It 
matches the fingerprint to it's database, and adds the amount to his card account. It finishes 
the various financial transactions required and then sends a confirmation message back, 
10 perhaps with the customer's name on it. There are also multiple other possibilities. A pin to 
go with the fingerprint, increasing security and making it easier for the credit company. 
Multiple fingerprints corresponding to different credit cards. A Card selection menu once a 
person's fingerprint is scanned. The fingerprint as a bankcard or EFTPOS card. , 

15 CONCLUSIONS . » 

It will be appreciated that a finger print reader (or possibly other present or future that is if a; 
means for determining the unique biological identifier) could easily replace the card reader 
used in automated teller machines or in standard EFTPOS terminals, although it is likely that 
this "finger print credit card" concept will be used along side the magnetically encoded 

20 plastic cards for some time to come, and as such it is envisaged that the finger print reader 
will form part of an automatic teller machine or EFTPOS terminal along side a magnetic card 
reader. 

In the case of automatic teller machines, it is likely that the finger print reader will need to be 
covered, so that there is only limited finger access to the device, to thereby minimise the 
25 possibility of vandalism. 

Finally, it will be appreciated that various alterations and modifications may be made to the 
foregoing without departing from the spirit or scope of this invention. 
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Claims 

1 . A computer implemented melhod of authenticating a financial transaction requested by a 
user using a remote terminal, the method of including the steps of 

storing account information in machine readable form, the information relating to one or 
5 more financial accounts, 

storing identity information relating to each account, the identity information including 
machine readable information corresponding to a unique biological identifier supplied by 
at least one individual authorised to access at least one of the accounts, 

submission by the user of the user's unique biological identifier, and submission of the 
10 user's transaction request at the remote terminal, 

transmission from the remote terminal to a clearing house of the user's unique biological 
identifier and the user's transaction request, 

a comparison made by the clearing house of the user's unique biological identifier with 
the stored identity information, 

15 if the users unique biological identifier matches any of the stored identity information, 

then the transaction information is compared with the account to which the biological 
information relates to ascertain whether the requested transaction is allowable, and 

; l if the transaction is allowable, processing the transaction. 

20 

2. A method as claimed in claim 1 wherein the unique biological identifier comprises a 
fingerprint and the step of the user submitting the user's unique biological identifier 
includes the step of the user placing a selected finger on a transducer supplied at the 
remote terminal and the remote terminal processing the information from the transducer 

25 to derive information relating to the unique biological identifiers. 
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3. A method as claimed in claim 1 wherein the step of submission of the users unique 
biological identifier is repeated if the stored identity information does, not match the 
user's unique biological identifier. 

4. A method as claimed in claim 1 wherein the step of submitting the user's unique 
biological identifier comprises a step of the user holding a selected finger in front of a 
camera which records a digital image of the finger print. 

10 5. A method as claimed in claim 4 wherein the remote terminal records the display of the 
camera's output and overlays a sketch of where the users finger should be placed on the 
image, then searches for a finger image to be placed over the sketch, then when the t finger 
is detected, taking a picture of the finger. ' " - 

15 6. A method as claimed in claim 5 wherein the picture is compressed and transmitted to the 
clearing house. 

7. A method as claimed in claim 1 wherein the step of submission by the user of the user's 
unique biological identifier and submission of the user's transaction request also includes 
20 submission of routing information which identifies the clearing house, bank or account 
issuing entity. 

A method as claimed in claim 7 wherein the routing information is used by a network to 
which the remote terminal is connected to direct the unique biological and the transaction 
request information to the appropriate clearing house. 



8. 

25 
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9. Apparatus for authenticating a financial transaction requested by a user using a remote 
terminal, the apparatus including 

a database having account information in machine readable form, the account 
information relating to one or more financial accounts 

the database also storing identity information relating to each account, the identity 
information including machine readable information corresponding to a unique biological 
identifier supplied by at least one individual authorised to access at least one of the 
accounts 

receiving means to receive information from a remote terminal corresponding to the 
user's unique biological identifier and information relating to the user's transaction 
request at the remote terminal, 

comparing means to compare the users unique biological identifier with the .stored 
identity information to ascertain the relevant account, and processing means to process 
the requested transaction. 

lO.iApparatus as claimed in claim 9 including means to compare the requested transaction 
with rules relating to the account to establish whether the requested transaction can be 
validly processed. 

11. Apparatus as claimed in claim 9 wherein the remote terminal comprises an EFTPOS 
machine 
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12. Apparatus as claimed in claim 9 wherein the remote terminal comprises ( a personal 
computer, and the apparatus is provided in communication with the internet or another 
computer network. 



5 13. A bank card, such as a credit card, eftpos card or the like, including a series of digits on 
the card, the digits including information, to enable identification of a clearing house 
relating to an account which the owner of the card in use has authorisation to access, and 
there being no identification information on the card regarding the identity of the user or 

the identity of the actual account or accounts which the user is authorised to access. 

1 

10 

14. Any novel feature or combination of features disclosed herein. 
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Ghent asks to purchase goods using 
his fingerprint Credit Card. 
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Vendor enters the amount into the 
terminal and gives the customer the 
Fingerprint scanner remote. 



Customer places his fingerprint on the 
scanner and the machine scans it 



Good Scan. EFTPOS terminal sends 
scan to Credit database. 



Credit database matches fingerprint to 
credit account and checks balance 
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Accepted. The credit company 
performs financial transactions and 
sends confirmation to vendor. Vendor 
prints out receipt for customer. 



Bad Scan must, repeat scan. 



Declined due to lack of credit. 



Figure 2 
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